Skip to content

Added null check to CorsPolicyBuilder #19831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
5 commits merged into from
Mar 30, 2020
Merged

Added null check to CorsPolicyBuilder #19831

5 commits merged into from
Mar 30, 2020

Conversation

@chrispickford
Copy link
Contributor

@chrispickford chrispickford commented Mar 13, 2020

It was noticed that there is no null checking in the CorsPolicyBuilder.GetNormalizedOrigin method after a NullReferenceException was picked up. In the case that a null string is passed to the method via WithOrigins (in our case it was because a configuration file read failed) this change throws an ArgumentNullException which gives a clearer indication of what has failed.

Addresses #19830

@ghost ghost added the area-middleware label Mar 13, 2020
@dnfclas
Copy link

dnfclas commented Mar 13, 2020
edited
Loading

CLA assistant check
All CLA requirements met.

analogrelay
analogrelay approved these changes Mar 13, 2020
View reviewed changes
Copy link
Contributor

@analogrelay analogrelay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to me. Thanks for the fix!

@ghost
Copy link

ghost commented Mar 13, 2020

Hello @anurse!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@mkArtakMSFT mkArtakMSFT added area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates and removed area-middleware labels Mar 13, 2020
analogrelay
analogrelay previously requested changes Mar 13, 2020
View reviewed changes
Copy link
Contributor

@analogrelay analogrelay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the test you added is failing:

Assert.Throws() Failure

Expected: typeof(System.ArgumentNullException)

Actual: typeof(System.NullReferenceException): Object reference not set to an instance of an object.

---- System.NullReferenceException : Object reference not set to an instance of an object.

Looking at sharplab, what your test actually does is pass a null array rather than an array with a null item.

Working with params is a little tricky, as you can see since I approved the change without realizing this would happen! Good thing we have tests!

I'd suggest a few changes here:

  1. Add a null-check directly on WithOrigins and keep the current test you've added

  2. Add a second test that explicitly constructs an array with an empty element and passes it to WithOrigins (i.e. .WithOrigins(new string[] { "foo", null, "bar" })) and validate that the inner ArgumentNullException is properly thrown.

I think that will resolve the issue and add a little more coverage here.

@mkArtakMSFT
Copy link
Contributor

mkArtakMSFT commented Mar 18, 2020

@chrispickford you still haven't addressed @anurse 's comment regarding what you're actually testing. Your test doesn't match your change. Do you want to give this another try?

@mkArtakMSFT mkArtakMSFT self-assigned this Mar 18, 2020
@chrispickford
Copy link
Contributor Author

chrispickford commented Mar 20, 2020

@mkArtakMSFT @anurse Apologies for the delay, I've updated the test and added extra null check.

@jaredpar jaredpar mentioned this pull request Mar 23, 2020
Closed
@chrispickford
Copy link
Contributor Author

chrispickford commented Mar 28, 2020

@anurse @Tratcher I'm not sure what's going on with the CI build. Any pointers?

@mkArtakMSFT mkArtakMSFT reopened this Mar 29, 2020
@mkArtakMSFT
Copy link
Contributor

mkArtakMSFT commented Mar 29, 2020

Closed and reopened the PR to re-trigger the build

@mkArtakMSFT mkArtakMSFT requested a review from analogrelay March 29, 2020 07:39
@mkArtakMSFT
Copy link
Contributor

mkArtakMSFT commented Mar 29, 2020

@anurse this is blocked on you to sign-off.

@analogrelay
Copy link
Contributor

analogrelay commented Mar 29, 2020

I’m not able to do it from my phone but I’m happy to have my review dismissed to unblock merging if there are other approving reviews.

@ghost ghost merged commit 3eb778f into dotnet:master Mar 30, 2020
@pranavkm pranavkm mentioned this pull request May 11, 2020
Closed
@chrispickford chrispickford deleted the corspolicybuilder-nullref branch July 28, 2020 13:01
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Tratcher Tratcher Awaiting requested review from Tratcher

@analogrelay analogrelay Awaiting requested review from analogrelay

2 more reviewers

@pranavkm pranavkm pranavkm approved these changes

@mkArtakMSFT mkArtakMSFT mkArtakMSFT approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mkArtakMSFT mkArtakMSFT

Labels

area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@chrispickford @dnfclas @mkArtakMSFT @analogrelay @pranavkm @Tratcher